Microsoft has published an advisory regarding a security feature bypass vulnerability impacting Surface Pro 3 tablets which could allow threat actors to introduce malicious devices within enterprise environments.
The security flaw tracked as
CVE-2021-42299 can be exploited in high complexity attacks dubbed
TPM Carte Blanche by Google security researchers who discovered them and shared additional details on Monday.
To successfully abuse the bug, attackers would either need access to the owner's credentials or physical access to the device.
Bypass security integrity checks
Device Health Attestation is a cloud and on-premises service that validates TPM and PCR logs for endpoints and informs Mobile Device Management (MDM) solutions if Secure Boot, BitLocker, and Early Launch Antimalware (ELAM) are enabled, Trusted Boot is correctly signed, and more.
Microsoft patches actively exploited Office zero-day vulnerability
Microsoft Warns Secure Boot May Be Bypassed as Windows UEFI Certificates Expire
Microsoft uses AI to find flaws in GRUB2, U-Boot, Barebox bootloaders